An unfinished net for catching terrorists

Congress enacted an anti-terrorism law in 2004 that requires federal, state, local and international authorities to share intelligence information that might prevent future terrorist attacks. But establishing the Information Sharing Environment (ISE) that the law requires has not happened, and homeland security experts warn that much valuable information, particularly at the state and local levels, is simply not being shared. The Defense Department and the intelligence community, led by closely knit and powerful chief information officers, have made progress in sharing intelligence information. But critics say there is a danger that their aggressive, ad-hoc approach has excluded other federal, state, local and international partners and complicated the effort to establish an inclusive ISE.DOD and the intelligence community are unified by their organizational similarities and the urgency of the war mission, two factors that have helped them move ahead of the rest of the government in integrating their information systems and developing information-sharing policies. But many security experts and former government officials say that such progress, although welcome, is alienating other partners necessary for an effective ISE.If other agencies take a “do it ourselves” attitude, such as DOD and the Office of the Director of National Intelligence (ODNI) appear to have adopted, the impetus for a shared effort could wane, said Linda Millis, a former government senior intelligence official who is now director of the Markle Foundation’s National Security Program. Thomas McNamara, ISE program manager at ODNI, said bringing other federal, state, local and international partners into the ISE remains an unsolved challenge. “I’ve got an idea [how it will be done] but not much more than that,” he said.The ISE will be a loose architecture of governance and policies to facilitate and coordinate sharing, McNamara said. Creating standards for security clearance levels and identity management will be a big part of the ISE, he added. The necessary technologies will include an electronic directory of intelligence professionals and a Web portal through which outside organizations can access intelligence databases. “A whole set of decisions have yet to be made at the policy level, but the technology is sitting there waiting to be used,” McNamara said. The ISE will feature a series of fusion centers serving as regional repositories of terrorist threat information. But many localities are confused about how they should go about setting up such centers. McNamara leads a program office with  only 25 employees and lacks the resources to impose its vision on large federal departments and agencies. Some anti-terrorism experts say McNamara has had to rely on ODNI’s help in establishing the ISE, and that doing so has weakened the ISE program, which has a broad mandate. Meanwhile, DOD’s Office of the Assistant Secretary of Defense for Networks and Information Integration/CIO and ODNI’s CIO shop have established organizations and policies for sharing information at least within DOD and the intelligence community.In March, the DOD and ODNI CIOs created a Unified Cross Domain Management Office to facilitate electronic data sharing at various levels of secrecy.  Also in March, retired Vice Adm. Michael McConnell, the national intelligence director, named Dale Meyerrose, ODNI’s CIO, as the lead information-sharing executive for the intelligence community.And earlier this month, Meyerrose announced the details of the ODNI and DOD plan to overhaul the process of certifying and accrediting information systems for meeting mandatory security requirements. “We are tearing down walls and building up partnerships,” Meyerrose told an audience at the recent FOSE conference in Washington.DOD intelligence agencies increasingly look to ODNI’s CIO office for direction and leadership rather than to the ISE program management office. The ODNI CIO position is a powerful one that others respect, said Robert Gourley, chief technology officer at the Defense Intelligence Agency. DIA intends to comply 100 percent with ISE standards, but until those standards are established, DIA will follow the lead of ODNI’s CIO office, Gourley said.  DOD and ODNI are taking the lead in other areas in addition to security certification and accreditation. For example, they are setting up communities of interest, which are focused, information-sharing environments associated with specific missions, such as maritime awareness. The DOD and ODNI CIOs are also making progress in creating data standards.Such initiatives are necessary because DOD’s mission is larger than the counterterrorism mission of the ISE, advocates say. But by moving ahead of the ISE program management office, some critics argue, DOD and the intelligence community are creating de facto standards that they can then present to the rest of the federal government and future partners as fait accompli.DOD makes no apologies for taking the lead in devising standards and strategies for sharing intelligence information. “If we do it right, there’s room for the others to come and join,” said Margaret Myers, principal director of DOD’s Deputy CIO Office. DOD lobbies for its standards to become part of the ISE through the governmentwide Information Sharing Council, said Debra Filippi, DOD’s federal information-sharing executive. “Why not take advantage of what we’re doing here?” she asked. Some homeland security experts say they are not worried about slow progress in creating an ISE in which the Homeland Security Department and other federal, state, local and international organizations are active partners. “It’s more important to get it right than to get it fast,” said James Carafano, a senior fellow at the Heritage Foundation. Other experts agree that DOD and ODNI have done good work. They worry, however, that their CIO shops have bypassed partners necessary for the ISE that the Intelligence Reform and Terrorism Prevention Act of 2004 requires. ODNI and the ISE program management office lack strong relationships with state and local governments, and DHS is struggling with management problems, Millis said. As a result, she added,  important sources of information are not being shared. Millis said many states, for example, don’t trust the federal government to protect the personal information of U.S. citizens. ODNI issued privacy guidelines in December 2006, but its requirement that information handlers simply adhere to existing laws was insufficient, she said.“They’re really falling short in building the trust that they need in the ISE,” Millis said. DOD and the intelligence community are making progress because they are closely linked in mission and structure, but cultural differences have kept other agencies from jumping on board. “People just don’t want to share,” said Mike Krieger, director of information policy in DOD’s CIO office. DHS and the Justice Department, including the FBI, must participate for the ISE to work, said James Lewis, a Markle Foundation Task Force Member and a senior fellow at the Center for Strategic and International Studies. And strong leadership will be needed to manage the upcoming turf battles, he saidOfficials at the White House or DOD must be prepared to be referees, Lewis said. Current leaders, including McConnell, Meyerrose and Defense Secretary Robert Gates are effective, he added. But no one knows what will happen when they and others leave, presumably in 2009.